Privacy notice
Our Privacy Notice outlines how we collect, store, use and protect personal information.
Our Privacy Notice outlines how we collect, store, use and protect personal information.
* Updated 9 July 2026
This Privacy Notice is about how Capitec Bank Holdings (“Capitec Group”), as a responsible party, handles your personal information. It covers the Capitec Group, its employees, contractors or authorised agents acting on behalf of Capitec, its subsidiaries or any third party and partners with whom we have contracted. It explains: what type of information we collect about you, how we use that information, who we may share it with, the circumstances under which we may share it and how we will keep your personal information private and secure.
This Privacy Notice applies to you if you are:
Personal information means information, in any format, which can identify a living natural person or, where applicable, a juristic person.
Personal information excludes:
We will collect your personal information under these circumstances or conditions:
Each Capitec Group entity may also collect your personal information from other entities within the Capitec Group or from partners or affiliates of Capitec with whom the Capitec Group conducts business.
When you provide us with the personal information of other people (like your spouse, dependants, beneficiaries, lives assured, directors, members, partners, trustees, ultimate beneficial owners, nominated representatives, authorised signatories, guarantors, dependents, beneficiaries, lives assured, co-applicants for home loan applications/enquiries, or members of a stokvel or similar arrangement), you confirm that you have their permission, where applicable, to share this information with us for the purposes outlined in this Privacy Notice. You also agree to indemnify us from any loss or damage that might occur if you share or instruct us to obtain a third party’s information without the necessary consent or proper authorisation.
If you have an employment application, we may gather additional information about you from various sources. This could include public records, career platforms, social media and other third parties. For instance, we might obtain insights from your professional or academic references, such as previous employers or educational institutions, as well as through third-party pre-employment background checks.
We may process your personal information together with third parties who assist us or where we jointly determine how your information is used, in line with applicable data protection laws.
We will only collect your information in line with relevant regulations and laws. The information we collect, and process could include:
Depending on the products and services that you require, we may also collect special personal information about you, for example:
Depending on the products and services that you use, we may also collect or generate the following information about you:
Our personal information core processing principles are explained in detail here.
If we are unable to collect your personal information, or you request that we restrict the processing of your personal information necessary to provide the products and services you have requested, we regret that we will not be able to continue offering you our products and services.
We only process your personal information for clear purposes, use it in a fair and responsible way, and take steps to protect your privacy. We will only process your personal information where we have a lawful reason for doing so and on a justifiable ground. For example, where you have consented to the processing, where it’s necessary for us to comply with obligations imposed by law, where it’s necessary to perform a contract with you or where it’s necessary to pursue our legitimate interests or those of a third party (as further detailed below). You can exercise your POPIA rights related to this processing at any time here.
The personal information we collect may be processed through centralised functions and systems across entities (including joint ventures and companies) in the Capitec Group. It may be used for the purposes of fraud, risk monitoring and analysis, statistical analysis and to improve, develop, price and market products or services. We may use automated tools, including artificial intelligence, to support our services, security safeguards and fraud prevention techniques. This will be done with the appropriate controls as set out below.
Where we process Special Personal Information, such processing is subject to additional legal restrictions and will only take place where a specific lawful ground applies together with appropriate safeguards.
Clients and potential clients
We need to process your personal information to carry out the obligations of our agreement with you. This includes all the processing and pre-assessment activities that are required to enable us to sign you up for one or more of our Capitec Group products or services (for example, verifying your identity, pricing all contracts, assessing and verifying claims, assessing whether you qualify for a product or service, enrolling you for electronic signatures, obtaining your credit bureau information etc.), use the Capitec app and managing the client or potential client relationship for the duration of the agreement and as required after termination of the client relationship. We may use information obtained from third-party, public or government sources to support our services, including identity verification, client due diligence, fraud prevention and to maintain accurate and up-to-date information about you.
To use some of our services, we need to confirm that you are in South Africa. This is due to regulatory and App Store requirements. For example, we need your location to let you play Lotto on the Capitec app and to accept payments with our Merchant Device. We also use location services to monitor for fraud and risk. You might need to allow the Capitec app to access your location while using it. We only use your location while you use the Capitec app and do not track your location otherwise.
We may require additional identity verification where necessary, using biometric or digital methods, such as a selfie or digital identity services (for example, Smart ID), to protect your account, comply with regulatory obligations or provide you with certain services. Where you choose to use services such as Smart ID, we may process your information to facilitate your request and share relevant information with authorised third parties (for example, government authorities or service providers) to complete the service. Your identity verification information is used for security, fraud prevention and service delivery purposes, and is not used for marketing or unrelated activities.
Where you request us to do so, we may provide verified personal information about you (such as proof of identity, proof of account, account statements or proof of address) to third parties for a specific purpose, for example to enable you to meet onboarding or verification requirements with another service provider or public authority.
This is done:
- At your request and with your explicit consent
- For a clearly defined purpose communicated to you at the time
- Using secure and controlled processes
We only share the minimum information necessary to fulfil the request, and the receiving party is responsible for their use of the information.
Employees and potential employees
We need to process your personal information and special personal information to carry out the obligations of our agreement with you as a potential or permanent Capitec employee. We will use the personal information and special personal information collected for recruitment purposes and for purposes connected with your employment. We may seek more information about you from other sources, including from public domains, career platforms, social media and/or third parties.
We may need to process your personal information and special personal information to comply with specific legal obligations. We operate in a highly regulated environment of banking, insurance, financial services, credit and other goods and services, which means that there are several laws, regulations and directives that require us to perform certain processing activities (such as the FIC Act, the Income Tax Act and the VAT Act).
This may include using your personal information and special personal information to help detect or prevent crime (including terrorism financing, money laundering and other financial crimes). We will only do this on the basis that it’s needed to comply with a legal obligation or it’s in our legitimate interests and/or that of others.
We will mostly collect information directly from you but there may be instances where we may need to obtain your information from the Department of Home Affairs, the Credit Bureaus and other public sources, to:
We will use the most reliable source of information to update your personal information where required.
We process your personal information to protect your legitimate interests or when necessary to pursue our own or a third party’s legitimate interest. We have processes in place to ensure that your personal information and right to privacy remain protected at all times. This includes the use of risk-based authentication measures, such as biometric or selfie or digital identity verification, where necessary to aim to prevent fraud.
We may use video surveillance in our branches, at our ATMs or operational areas for safety, security and operational efficiency.
We may record your interactions with us, such as emails, phone calls, live chats and other communications. These recordings help us to verify your instructions, improve our service, train our staff, manage risks and prevent fraud and other crimes. We may also collect information about the devices or software you use during these interactions.
We may use your personal information as a banking and insurance client to personalise existing and new products and services to benefit you. Our analysis includes data analytics, statistical or other analysis to better understand how you use our services and to respond to any service issues you may have. You can opt out of this personal information usage at any time for direct marketing and personalised offers by changing the consent settings and communication preferences on your app or through the Client Care Centre. Alternatively, send us a request on Processing Restriction Request | Privacy Centre | Capitec.
Opting out of direct marketing or personalised offers will only opt you out of product offer communications based on consent and not where the processing of your personal information is necessary when required by law or when required to carry out the obligations of an agreement we have with you. Where the processing of your personal information is required by law or when carrying out the obligations of an agreement, you cannot opt out of this communication.
Where you have consented to us doing so:
These services aim to keep you informed about and offer you new products, services and benefits that help you to live better but also to educate you about good financial behaviours based on your previous actions or needs.
These further processing conditions may be subject to additional restrictions where the personal information is Special Personal Information or Personal Information of children.
You can exercise your POPIA rights related to the retention of your personal information at any time here, but we may have to keep your personal information even if we no longer have a relationship with you to meet our regulatory requirements and for legitimate business purposes, as set out in our information retention policy. Any retained information will be kept secure in line with our security policies. If we don’t need the information anymore, we may delete it or de-identify it.
We will take the appropriate, reasonable, technical and organisational steps to protect your personal information in line with industry best practices. This includes, e.g.:
Your information may be transferred to and stored in locations outside of South Africa. When we do this, we will ensure that the third-party recipient of the information is subject to adequate data protection laws to ensure that your personal information is protected at the level of protection as required in terms of South African data protection laws and that the transfer is lawful.
We will not sell your personal information. We may, however, use aggregated or de-identified information to develop insights, analytics or services, including services provided to third parties, in a way that does not identify you. Personal information will only be disclosed as described in this Privacy Notice or where otherwise permitted or required by law.
You have several rights in relation to the personal information that we hold about you. These rights include:
You may submit a grievance about the processing of your personal information in relation to this Privacy Notice through our Privacy Centre POPIA / Other Complaint | Privacy Centre | Capitec.
You also have the right to file a complaint with the Information Regulator about an alleged contravention of the protection of your personal information. The contact details of the Information Regulator are as follows:
Visit their website | |
Physical address | The Information Regulator (South Africa) 54 Maxwell Drive Woodmead Johannesburg 2191 |
Phone number | Toll Free: 0800 017 160 Landline: 010 023 5200 |
[email protected] – should your PAIA request be denied or there is no response from public or private bodies for access to records you may use this email address to complain. [email protected] – should you feel that your personal information has been violated, you may use this e-mail address to lodge a complaint. |
If we change ownership, merge with, acquire or are acquired by or sell assets to another entity we may assign our rights to the personal information we process to a successor, purchaser or separate entity. We will disclose the transfer on our website. If you are concerned about your personal information being transferred to a new owner, you may exercise your rights in our Privacy Centre by clicking on the following link: Exercise Your POPIA Rights | Privacy Centre (capitecbank.co.za).
We regularly review our practices to make sure your personal information is safe and used responsibly. Sometimes we may need to update our data privacy policies. This may affect clauses in our contracts or terms and conditions. If we do, we’ll let you know by posting a notice on our website or app or through another communication method. These notices will show what changes we made and when they start.
Please note that Capitec may not be able to continue a banking or insurance relationship with a client or provide clients with certain products or services if they object to or do not agree with the changes.
The latest version of this Privacy Notice is dated and made available on Capitec’s website. It applies to all data subject interactions with Capitec and will be accessible on Privacy Notice | Privacy Centre | Capitec.